Setting up MFA for the zitified ssh example

Quick note: I have the zitified ssh service working and thought to extend it a bit more by enforcing MFA as a part of the connection, as I know how to do this using the Ziti Desktop Edge app.

In relation to the zitissh client, any tips?

Does this require further development?

https://openziti.io/zitifying-ssh?x-host=openziti.io

Sadly, it’ll probably take a lot more than tips. I think that would be a great addition as well and it’s one of those projects I hope someone would get around to.

It’s going to be difficult since the mfa flow requires your service to authenticate, then declare to the controller that the identity wants to be mfa enabled, pass the mfa enrollment challenge etc… That’s just to enable mfa. After that you’ll need to add a flag to the client or prompt for the digits on connect.

That’s not a tremendous amount of work, but by golly it’s not “small” either.

There is a suite of mfa-related functions you’ll discover that cover these flows. It’s a decent “first go” project though. It’s complex but not too complex. Let us know if you take it on! :smiley:

Happy to accept the challenge :slight_smile:

I have been looking for something like this. Let me know the next steps to get started on it.

I’d say come up with a plan of attack, lightly document what your approach will be, let us know and we can discuss if needed, then get cracking on it. Clone the zssh repo and when you’re happy enough or need additional guidance, put up a pull request and we’ll finish it there.

Sounds like my side project over the Xmas break is clear now … :slight_smile: